A new phishing scam that aims to steal customers' credit card information was recently discovered by Apple. The scam attempts to trick Apple customers into believing they have signed up for a subscription agreement.
9to5Mac received a copy of a phishing e-mail about the subscription confirmation (see the image). The e-mail has the same design and format as a legitimate Apple e-mail. It also provides the same list of information users would usually see in a legitimate message from Apple. Masquerading as a subscription confirmation, the e-mail highlights a recurring charge, prompting potential victims to cancel the subscription that appears to be charging them on a regular basis. Users who want to cancel the subscription will tap on the provided link, which says “Cancel Subscription”. However, once the victim clicks on the link, they are redirected to a page which asks for personal information, such as Apple ID, credit card details, and other information. If the victim provides this information, it will go to the hackers.
How should users protect themselves against phishing emails?
Apple published advice on its website to help users determine whether an e-mail that appears to come from Apple is legitimate:
“Genuine purchase receipts—from purchases in the App Store, iTunes Store, iBooks Store, or Apple Music—include your current billing address, which scammers are unlikely to have. You can also review your App Store, iTunes Store, iBooks Store, or Apple Music purchase history.”
Apple also noted that e-mails that include information about users' purchases from the App Store, iTunes Store, iBooks Store, or Apple Music will never ask them to provide the following information over e-mail:
- Social Security Number
- Mother’s maiden name
- Full credit card number
- Credit card CCV code
In addition, Apple asks users to report phishing scams to the company. So, whoever was affected by similar phishing scams should contact the company at firstname.lastname@example.org.
The volume of phishing scams is increasing
Even though phishing scams are not a new way to trick users and obtain information illegally, they are getting more sophisticated over time. A phishing scam attempts to mimic a legitimate e-mail or message from a company or provider, and trick users into clicking malicious URLs that enable the cybercriminals behind the phishing e-mails to steal users' sensitive information. To be honest, the latest App Store subscription e-mails are quite convincing and look like a legitimate e-mail from the official Apple App Store.
That is why users should always take some time to review suspicious e-mails that ask for private and sensitive data.
As mentioned before, Apple usually lists its customers' credit card and its last four digits in its confirmation e-mails. This phishing e-mail only contains the words “By Card”. The biggest hint would be the “Cancel Subscription” link, while Apple's e-mail usually asks users to “review your subscription”. Finally, the copyright icon in the phishing scam is wrong.
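The tell-tale signs described above can be turned into a simple mail-triage check. The following Python sketch is an added example, not code from Apple or 9to5Mac; the function name, the indicator labels and the sample message are constructed for illustration.

```python
import re
from email import message_from_string
from html.parser import HTMLParser

# Items the article says Apple purchase e-mails never ask for.
NEVER_ASKED = ["social security number", "mother's maiden name",
               "full credit card number", "ccv code"]

class AnchorText(HTMLParser):
    """Collect the visible text of every <a> element."""
    def __init__(self):
        super().__init__()
        self.in_a, self.anchors = False, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.in_a = True
            self.anchors.append("")
    def handle_endtag(self, tag):
        if tag == "a":
            self.in_a = False
    def handle_data(self, data):
        if self.in_a:
            self.anchors[-1] += data

def phishing_indicators(raw_email):
    """Return the indicators from the article found in a raw e-mail (hypothetical helper)."""
    msg = message_from_string(raw_email)
    body = ""
    for part in msg.walk():
        if part.get_content_maintype() == "text":   # skips multipart containers
            raw = part.get_payload(decode=True)     # undoes base64 / quoted-printable
            body += raw.decode(part.get_content_charset() or "utf-8", "replace")
    parser = AnchorText()
    parser.feed(body)
    text = re.sub(r"<[^>]+>", " ", body).replace("\u2019", "'").lower()
    hits = []
    if any("cancel subscription" in a.lower() for a in parser.anchors):
        hits.append("cancel-subscription link")
    # "By Card" with no four-digit card suffix shortly after it
    if re.search(r"by card\b(?!\D{0,20}\d{4})", text):
        hits.append("payment line without last four digits")
    hits += ["asks for " + item for item in NEVER_ASKED if item in text]
    return hits

# Constructed sample message (not a real Apple or scam e-mail).
PHISH = ("Subject: Subscription Confirmation\nContent-Type: text/html\n\n"
         "<p>Payment Method: By Card</p>"
         '<a href="http://example.invalid/c">Cancel Subscription</a>')
```

An empty result does not prove a message is genuine; the check only flags the specific signs listed in this article.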
It is still unclear how widespread this latest phishing scam is, but it is widespread enough for Apple to issue a support document for its customers on how to safeguard themselves from phishing scams.